【公開情報】
◆Vulnerability Note VU#625617 (CERT, 2013/01/11)
Java 7 fails to restrict access to privileged code
http://www.kb.cert.org/vuls/id/625617
⇒ https://vul.hatenadiary.com/entry/2013/01/11/000000
◆JVNTA13-010A Oracle Java 7 に脆弱性 (JVN, 2013/01/11)
http://jvn.jp/cert/JVNTA13-010A/index.html
⇒ https://vul.hatenadiary.com/entry/2013/01/11/000000_3
【参考資料】
◆0 day 1.7u10 (CVE-2013-0422) spotted in the Wild - Disable Java Plugin NOW !
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
◆New year, new Java zeroday
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
◆[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code
http://seclists.org/bugtraq/2013/Jan/48
【Exploit Code】
◆Java 0day 1.7.0_10 decrypted source
http://pastebin.com/raw.php?i=cUG2ayjh
【修正プログラム】
◆Java Downloads for All Operating Systems (Oracle, 2012/01/14)
Recommended Version 7 Update 11